FreeBSD Manual Pages

ldapscripts(5)		      File Formats Manual		ldapscripts(5)

NAME
       ldapscripts - Scripts to manage POSIX accounts in your LDAP directory.

DESCRIPTION
       The ldapscripts are a set of shell (sh) scripts designed to manage
       POSIX accounts in an OpenLDAP directory. They can be used as standalone
       tools or within Samba 3.x's smb.conf file.

REQUIREMENTS
       The main requirements are the OpenLDAP client tools (ldapadd,
       ldapsearch, ldapdelete, ...). Other commands are called in the scripts
       but should come with your OS (sed, grep, cut, ...).

CONFIGURATION
       The main configuration of the ldapscripts is usually the file
       /etc/ldapscripts/ldapscripts.conf (or
       /usr/local/etc/ldapscripts/ldapscripts.conf, depending on your system).
       Modify it to fit your needs before using the scripts. You can override
       that default path by defining the LDAPSCRIPTS_CONF environment variable.

       Each script also uses a "runtime" file, usually
       /usr/lib/ldapscripts/runtime (or /usr/local/lib/ldapscripts/runtime).
       You don't need to modify this file.

TEMPLATES
       Each script that adds information to the directory uses a template.
       Templates are directly embedded at the end of the scripts but it is
       also possible to use external template files (see the GTEMPLATE,
       UTEMPLATE and MTEMPLATE variables in the configuration file). Each
       template consists of a preformatted LDIF file using special keywords
       that will be replaced on-the-fly. Sample files are provided for your
       convenience: ldapaddgroup.template.sample, ldapadduser.template.sample
       and ldapaddmachine.template.sample. It is strongly advised to use those
       files instead of modifying the embedded (default) templates in the
       scripts.

       Sample templates include every keyword you can use. One special
       additional keyword is the <ask> keyword that will trigger user input
       to get the attribute value interactively.

USING AS STANDALONE TOOLS
       Each script can be used as a standard command-line tool. Check their
       man pages to get help.

USING WITH SAMBA 3.x
       Each Samba 3.x smb.conf "xxx script" option has a matching script.
       Modify your smb.conf file as follows to call them:

       # [...]
       add machine script = /usr/local/sbin/ldapaddmachine '%u' sambamachines
       add user script = /usr/local/sbin/ldapadduser '%u' sambausers
       add group script = /usr/local/sbin/ldapaddgroup '%g'
       add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
       delete user script = /usr/local/sbin/ldapdeleteuser '%u'
       delete group script = /usr/local/sbin/ldapdeletegroup '%g'
       delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
       set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
       rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'
       # [...]

SEE ALSO
       ldapdeletemachine(1), ldapmodifymachine(1), ldaprenamemachine(1),
       ldapadduser(1), ldapdeleteuserfromgroup(1), ldapfinger(1), ldapid(1),
       ldapmodifyuser(1), lsldap(1), ldapaddusertogroup(1), ldaprenameuser(1),
       ldapinit(1), ldapsetpasswd(1), ldapaddgroup(1), ldapdeletegroup(1),
       ldapsetprimarygroup(1), ldapmodifygroup(1), ldaprenamegroup(1),
       ldapaddmachine(1), ldapdeleteuser(1).

AVAILABILITY
       The ldapscripts are provided under the GNU General Public License v2
       (see COPYING for more details). The latest version of the ldapscripts
       is available at: http://contribs.martymac.org

BUGS
       Sometimes, this kind of message may appear in the log file:

              Additional information: value does not conform to assertion syntax

       Setting slapd's debug level to 32 shows additional details:

              get_ava: illegal value for attributeType uidNumber

       This is *not* a bug: the ldapscripts tend to use the power of LDAP
       filters to easily find users (or groups) using either a uidNumber
       (numerical value) or a uid (string value). The following filter (used
       by ldapfinger(1)) will generate the above message if $_USER is a login:

              "(|(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))(&(objectClass=posixGroup)(|(cn=$_USER)(gidNumber=$_USER))))"

       because the filter part "(uidNumber=$_USER)" requires an integer but
       gets a string. You can mostly ignore those warnings.
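
       One way to build the same lookup without triggering the warning, as an
       added example (not code from ldapscripts): the uidNumber/gidNumber
       branches are emitted only when the input is all digits, and the value
       is escaped per RFC 4515 before it enters the filter. The function names
       ldap_escape and build_finger_filter are hypothetical.

```sh
#!/bin/sh
# Added example, not part of ldapscripts. Function names are hypothetical.

# Escape the characters RFC 4515 reserves inside a filter assertion value.
# The backslash is handled first so later escapes are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Build a user-or-group lookup filter shaped like the one quoted above.
# A login name only reaches the string attributes (uid, cn); the integer
# attributes (uidNumber, gidNumber) are queried only for all-digit input,
# so slapd never has to parse a name against an integer syntax.
build_finger_filter() {
    [ -n "$1" ] || return 1          # refuse an empty lookup key
    key=$(ldap_escape "$1")
    case "$1" in
        *[!0-9]*)                    # contains a non-digit: treat as a name
            u="(uid=$key)"
            g="(cn=$key)" ;;
        *)                           # digits only: could be a name or an ID
            u="(|(uid=$key)(uidNumber=$key))"
            g="(|(cn=$key)(gidNumber=$key))" ;;
    esac
    printf '%s' "(|(&(objectClass=posixAccount)$u)(&(objectClass=posixGroup)$g))"
}

# Constructed sample inputs: a login, a numeric ID, and a value containing
# filter metacharacters.
for sample in jdoe 1001 'j*)(uid=x'; do
    printf '%-12s -> %s\n' "$sample" "$(build_finger_filter "$sample")"
done
```

       The resulting string can be passed as the filter argument to
       ldapsearch(1).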

				January	1, 2006			ldapscripts(5)
